Healthcare organizations have become a major target of cyber-attacks in recent years. Data shows that these attacks are growing annually. They are also becoming more complex and harder to predict. The healthcare system is prone to various types of attacks, including phishing schemes, ransomware attacks, and malware. The wide array of tools at the disposal of hackers makes it quite difficult, but not impossible, to stop them. Here are some of the reasons why healthcare organizations face so many cyber threats:
1. The Systems Have to Operate All Year
The main reason healthcare organizations face so many cyber threats is that their systems must remain operational all year. Most healthcare organizations now depend on electronic systems for efficient workflow. Whether it is to manage patient data or to prevent errors, they rely on these systems. This makes them a prime target, since they cannot be shut down for long periods.
Other organizations can afford to go offline for a few weeks to conduct upgrades. However, healthcare system upgrades have to be done while the systems are still working. This presents a unique challenge for IT experts since they have to conduct audits even as the systems operate.
2. The Market Is Small
There are about 5,500 hospitals in the US, so most vendors of software for the health system have a small customer base. As a result, many niche developers will not have enough resources to develop robust security systems. For instance, there are still systems in the US that run only on Windows XP. In such an instance, it is quite easy for criminals to gain access to these systems because of outdated software.
3. Massive Underspending
There is gross underspending on healthcare cybersecurity. For instance, banks spend about 25 percent of their budget on general security measures. However, healthcare providers can only afford to spend about 4 percent of their budget on cybersecurity. Hackers are well aware of this and therefore target systems that have inadequate security controls in place because they are underfunded. Healthcare organizations are an easy target for hackers due to the large vulnerabilities in their systems.
4. Medical Devices Are Not Protected
In a medical facility, you will not just have phones and laptops. You will also have medical devices connected to the system. These include devices such as IV pumps, heart monitors, and other such appliances. However, these devices also have computer chips, just like desktop computers and phones. Despite this, they do not have the same level of protection.
The manufacturers of these devices did not think to install security measures in them since they did not assume they would be a target. However, complex attacks have been able to use these devices to gain entry into hospital networks. Many of the manufacturers often claim that upgrading the systems would require pre-approval by the FDA. However, this is not entirely true. This just makes hospitals an easy target even for novice hackers.
5. The Healthcare System Is Not Well Coordinated
Many large companies have a strict structure of command and control. However, that is not the case with hospitals. They have a decentralized structure of loosely connected clinics, labs, pharmacies, and hospitals. Each one of these facilities is fully autonomous and can implement its own policies.
For healthcare cybersecurity to work, all of these organizations would have to work in synergy. Unfortunately, healthcare providers all choose their own independent vendors, devices, and software. As a result, it is very hard to control these systems. To gain access, all a hacker has to do is target a small clinic with old systems that are connected to a big hospital with robust security systems. For example, they can use a small clinic’s systems to send malicious links through email. Once someone clicks the link, the threat is unleashed into the entire system.
6. They Have a Huge Trove of Data
Hospitals hold huge quantities of personal data. Since everyone has to visit the hospital at some point, they will also have to provide credit card information, insurance details, and more. This is a treasure trove for cyber attackers. They can get access to hundreds of thousands of pieces of personal data on anyone who sets foot in the hospital.
What Hospitals Can Do
Despite all of the reasons that make the healthcare system so attractive to hackers, hospitals are not defenseless. Those working in this sector can utilize many solutions. Here are a few of them.
1. Back Up Data
One of the biggest cyber threats in 2017 has been ransomware attacks. These attacks lock up data and demand compensation to release it. The easiest way to beat them is to have a robust data backup policy. The backup site should be well-protected and kept offline when not in use, so that when a hospital suffers a ransomware attack, it can simply wipe its drives clean and restore data from the backups.
2. Update Software Often
When a company releases a new version of its software, hackers will go and check what loopholes were sealed. They will then use that information to target anyone who has not updated their systems. Thus, whenever a new update is released, all existing versions of the software need to be promptly updated.
3. Train the Staff
The most vulnerable point in any cyber-attack is the human factor. Untrained employees are most likely to click on strange links in their emails. They are also most likely to connect to unknown Wi-Fi hotspots to get a free internet connection. However, such hotspots could be loaded with malware that can be introduced into the workplace. This is why it is imperative that employees receive cybersecurity training at least once a year.